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FIG. 4 



40? ► call malloc //store call results in eax 

^ -^408 

404 ► mov [ebp + offset], eax

410^/^3ZZZT 
406 ► cmp [ebp + offset], 0

412 ► bne address //branch if memory obtained 

414 ► branch error //raise exception if no memory 



,400 
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FIG. 6 



,600 



bar() 

{ y 602 

int * p = (int *) malloc(sizeof (int));

foo (p) "^604 
//top (p) -*-606 

} 

foo (int *p) 

*p = 0; //start here and go backward 

} 



FIG. 7 



Instruction 

Address OPCODE OPERANDS Comments 



//Begin Bar () 

A push 4 //create holder for integer 

B call malloc 

C push eax //temp var on stack 

D call foo //temp becomes parameter to foo 

E ret //End Bar() 

//Begin foo () 

F mov eax, [esp+4] //parameter ► eax 

G mov eax, 0 //set p=0; 

H ret //End foo () 
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FIG. 8 



,800 



^806 .808 ^804 



Addresses ^ Data^ States ^802 



B eax 202-y~xJ 10 

C eax 204^^812 

C temp 0 202^J14 

D temp 0 214^^816 

D parameter 0 216^^18 

F parameter 0 202^^20 

F eax ' 204 <^ 

G eax 202 
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FIG. 10 



Address Data State 

G eax 302 

F eax 304 

F parameter 0 302 

D parameter 0 312 

D temp 0 310 

C temp 0 302 

C eax 304 

B eax 302 
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FIG. 11 
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FIG. 12 



1200 



Array 1 


int g [10];


-1206 12Q2 1204 


main () 
{ 


H 


g [3] = 0; //mov [g + 3 * 4], 0


} 





Array 2 


int g [10];






main (int i) 


—1210 




{ 






g [i] = 0;


//mov CHE^ 


Jesp + 4] 


} 


//mov [g + 4 * <eax>], 0



1212 



FIG. 13 



,1300 



//Definition Use Address 



1306 1304 
mov [reg + <offset of i in T>], 0 v 73F4 S 

* push [reg + <offset of i in T>] 89AB 6W
1302^ 
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.1400 

FIG. 14 
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FIG. 15 



//Definition Use Address 

1506 



1504 / 
1502 ^ mov reg, [g + 4] F11F
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FIG. 17 



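/* Description:
 *
 * VChase is a class that can be used to follow data flow around a program.
 *
 * The interface is abstract: every query and chase operation is a pure
 * virtual, so objects are obtained through the static Create() factory and
 * released with Destroy(). Chase operations hand back a set of VChase
 * objects that is walked with Next().
 *
 * Numbers in trailing comments (17xx / 18xx) are the reference numerals of
 * the drawing this listing was taken from (FIG. 17, continued on FIG. 18).
 * Identifiers were restored from OCR damage (I/l confusion, "TypeQ" for
 * "Type()", "boot" for "bool"); confirm against the original drawing.
 */
class VChase                                                        // 1702
{
public:                                                             // 1704
    // Create a chase object for some data at an instruction
    static VULCANDLL VChase * VULCANCALL Create( VOperand op, VInst *pInst,
                                                 VProc *pProc, VComp *pComp );

    // Free memory associated with this object (and optionally the whole set)
    // NOTE(review): with fSet == true the other members of the set are freed
    // as well, so pointers obtained earlier through Next() presumably become
    // invalid -- confirm before reusing them.
    virtual void Destroy(bool fSet = true) = 0;

    // Kind of data a chase object refers to.
    // Values 0-5 are the data kinds; ctDataMask (7) spans the low three bits
    // that hold them. ctLEA (8) is a flag OR'ed onto a data kind, as the
    // ctLEA* combinations below show. ctReturn (16) and ctCantContinue (32)
    // use separate higher bits.
    // NOTE(review): the meaning of each value is inferred from its name only.
    enum ChaseType                                                  // 1706
    {
        ctRegister      = 0,                                        // 1708
        ctSymbol        = 1,
        ctGlobal        = 2,
        ctImmediate     = 3,
        ctPointer       = 4,
        ctArray         = 5,
        ctDataMask      = 7,
        ctLEA           = 8,

        ctLEASymbol     = ctLEA | ctSymbol,
        ctLEAGlobal     = ctLEA | ctGlobal,
        ctLEAPointer    = ctLEA | ctPointer,
        ctLEAArray      = ctLEA | ctArray,
        ctReturn        = 16,
        ctCantContinue  = 32
    };

    // Get the current type of this chase object
    virtual ChaseType Type() = 0;                                   // 1710

    // Get the location of this chase object                        // 1712
    virtual VInst *Inst() = 0;
    virtual VProc *Proc() = 0;
    virtual VComp *Comp() = 0;

    // Get the contents of this chase object                        // 1714
    // NOTE(review): the listing does not say what an accessor returns when
    // Type() names a different kind of data; presumably only the matching
    // accessor is meaningful, so check Type() (and for NULL) before
    // dereferencing a result.
    virtual ERegister Register() = 0;
    virtual VInstance *Instance() = 0;
    virtual VBlock *Global() = 0;
    virtual DWORD Immediate() = 0;
    virtual const VAddress *Pointer() = 0;
    virtual const VAddress *Array() = 0;

    // ---- FIG. 18: continuation of the listing ----

    // Does this object represent the return value from a call?
    virtual bool IsCall() = 0;                                      // 1802

    // Get the next chase object in this set
    virtual VChase *Next() = 0;                                     // 1804, 1806

    // Chase across 1 thing and return set of new objects
    virtual VChase *ChaseBackward() = 0;
    virtual VChase *ChaseForward() = 0;
                                                                    // 1808
    // Chase back to a symbol
    virtual VType *ChaseToType() = 0;
    virtual VInstance *ChaseToInstance() = 0;
                                                                    // 1810
    // Chase until callback returns true
    typedef bool (VULCANCALL *PFNCHASEDONE)(VChase *pCur);
    virtual VChase *ChaseBackTo(PFNCHASEDONE) = 0;
    virtual VChase *ChaseForwardTo(PFNCHASEDONE) = 0;

    // Return type from IDone::Done (unavailable from static callback)
    enum ChaseDone
    {
        cdContinueDiscard,
        cdDoneKeep,
        cdContinueKeepAsFrom,
        cdDoneDiscard,
    };

    // Chase using interface for callback
    class IDone                                                     // 1814
    {
    public:
        virtual ChaseDone VULCANCALL Done(VChase *pCur) = 0;        // 1816
    };

    // Both overload pairs accept a pointer, so a bare NULL argument is
    // ambiguous between PFNCHASEDONE and IDone *; call with no argument to
    // select the IDone overload with its default.
    // NOTE(review): behaviour when the IDone pointer is NULL is not shown.
    virtual VChase *ChaseBackTo(IDone * = NULL) = 0;                // 1818
    virtual VChase *ChaseForwardTo(IDone * = NULL) = 0;

    // Get the next node kept along the path
    virtual VChase *From() = 0;

    // Predefined stopping routines for ChaseBackTo
    static VULCANDLL bool VULCANCALL DoneAtType(VChase *);
    static VULCANDLL bool VULCANCALL DoneAtImm(VChase *);
    static VULCANDLL bool VULCANCALL DoneAtPointer(VChase *);
    static VULCANDLL bool VULCANCALL DoneAtGlobal(VChase *);
    static VULCANDLL bool VULCANCALL DoneAtLEA(VChase *);
    static VULCANDLL bool VULCANCALL DoneAtCALL(VChase *);
};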
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FIG. 19 



1904 1902 

ir- — - — _. - ... — , 



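// Example use of VChase (FIG. 19): starting from the first parameter of a
// call, chase backward until a global is reached and print each result.
// NOTE(review): identifiers were restored from OCR ("Vlnstance" -> VInstance,
// "pCalILL" -> pCallLL); confirm against the original drawing.
VInstance *pParam = pProc->FirstCallParam( pCallLL, pComp );        // 1908, 1906

// NOTE(review): the VChase listing declares Create() with four parameters
// (op, pInst, pProc, pComp) and a VOperand first argument, while this call
// passes three arguments; pChase is also never used below. The figure is
// reproduced as printed.
VChase *pChase = VChase::Create( pParam, pCallLL, pProc );          // 1910, 1912

// NOTE(review): ChaseBackTo is a VChase member but is invoked on pParam here;
// pChase was presumably intended -- confirm.
VChase *pDLLName = pParam->ChaseBackTo( VChase::DoneAtGlobal );

// Walk the returned set; Next() yields NULL at the end of the set.
for (VChase *p = pDLLName; p != NULL; p = p->Next())                // 1914
{
    // NOTE(review): Global() is dereferenced without a NULL check and Raw()
    // is printed with %s, which assumes the block holds NUL-terminated text;
    // a caller handling arbitrary binaries would want both checked.
    printf("%s\n", p->Global()->Raw() );
}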
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